CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 121140 / 189
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-4563 The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. 6.1 0.24% 2024-05-22 2026-06-17
CVE-2024-4562 In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality.  Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery. 5.4 0.38% 2024-05-14 2026-06-17
CVE-2024-4561 In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. 4.2 0.43% 2024-05-14 2026-06-17
CVE-2024-4358 KEV In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. 9.8 97.48% 2024-05-29 2026-06-17
CVE-2024-4357 An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. 6.5 0.70% 2024-05-15 2026-06-17
CVE-2024-4202 In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. 7.7 0.27% 2024-05-15 2026-06-17
CVE-2024-4200 In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. 7.7 0.29% 2024-05-15 2026-06-17
CVE-2024-46909 In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. 9.8 49.17% 2024-12-02 2026-06-17
CVE-2024-46908 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 8.8 2.26% 2024-12-02 2026-06-17
CVE-2024-46907 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 8.8 2.26% 2024-12-02 2026-06-17
CVE-2024-46906 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 8.8 40.58% 2024-12-02 2026-06-17
CVE-2024-46905 In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. 8.8 2.26% 2024-12-02 2026-06-17
CVE-2024-3892 A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. 7.2 0.22% 2024-05-15 2026-06-17
CVE-2024-3544 Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. 7.5 0.38% 2024-05-02 2026-06-17
CVE-2024-3543 Use of reversible password encryption algorithm allows attackers to decrypt passwords.  Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. 6.4 0.28% 2024-05-02 2026-06-17
CVE-2024-2449 A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator. 7.5 12.88% 2024-03-22 2026-06-17
CVE-2024-2448 An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. 8.4 55.42% 2024-03-22 2026-06-17
CVE-2024-2389 In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. 10.0 93.90% 2024-04-02 2026-06-17
CVE-2024-2291 In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. 4.3 0.39% 2024-03-20 2026-06-17
CVE-2024-1856 In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. 8.5 1.13% 2024-03-20 2026-06-17
cvelogic Threat Intelligence